Description: btrfs: crafted image causes use-after-free in rwsem_can_spin_on_owner References: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318 Notes: carnil> Introduced in 78134300579a ("locking/rwsem: Don't call carnil> owner_on_cpu() on read-owner") in 5.3-rc2? bwh> I don't think so. That commit did not introduce the dereference of bwh> the owner pointer, and the issue is also said to be reproducible on bwh> 5.0.21 (which does not have a backport of it). Bugs: upstream: released (5.4-rc1) [9f7fec0ba89108b9385f1b9fb167861224912a4a] 5.10-upstream-stable: N/A "Fixed before branch point" 4.19-upstream-stable: released (4.19.137) [cd823ab582225b2ce6eb37b9e22581a8d171a24a] 4.9-upstream-stable: released (4.9.249) [cb6874171820fe34f7d99c4a4353ee3abb1ecbd9] 3.16-upstream-stable: ignored "EOL" sid: released (5.4.6-1) 4.19-buster-security: released (4.19.146-1) 4.9-stretch-security: released (4.9.258-1) 3.16-jessie-security: ignored "EOL"